package com.gexada.simplechat.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.SimpMessageType;
import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry;
import org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer;

/**
 * 初始化Spring WebSocketSecurity
 */
@Configuration
public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {

	protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
		messages
				// message types other than MESSAGE and SUBSCRIBE
				.nullDestMatcher().authenticated()
				// anyone can subscribe to the errors
				.simpSubscribeDestMatchers("/user/queue/errors").permitAll()
				// matches any destination that starts with /app/
				.simpDestMatchers("/app/**").authenticated()
				// matches any destination for SimpMessageType.SUBSCRIBE that
				// starts with
				// /user/ or /topic/friends/ or /topic/organizations/ or
				// /topic/users/
				.simpSubscribeDestMatchers("/user/**", "/topic/users/**")
				.authenticated()

				// (i.e. cannot send messages directly to /topic/, /queue/)
				// (i.e. cannot subscribe to /topic/messages/* to get messages
				// sent to
				// /topic/messages-user<id>)
				.simpTypeMatchers(SimpMessageType.MESSAGE, SimpMessageType.SUBSCRIBE).denyAll()
				// catch all
				.anyMessage().denyAll();
	}
}